CMS student, staff data affected by nationwide breach, district says

Charlotte-Mecklenburg Schools (CMS) officials informed employees that their student data platform, Canvas, was hacked over the weekend. Canvas is owned by Instructure, an education technology company widely used by schools and colleges. The breach, attributed to the ShinyHunters criminal extortion group, affected nearly 9,000 schools worldwide and exposed personal identifying information for over 275 million students, teachers, and staff. Instructure contained and remediated the vulnerability shortly after the breach was identified. CMS reviewed and secured its systems with guidance from the North Carolina Department of Public Instruction. The district warned employees that the data involved may include personal information, but found no indication that passwords, dates of birth, government identifiers, or financial information were involved. CMS has around 19,000 employees and 140,000 students.